Remove security problem with returning last-modified headers when logged in

git-svn-id: http://scm.dspace.org/svn/repo/trunk@2769 9c30dcfa-912a-0410-8fc2-9e0234be79fd
2025-10-12 04:23:13 +00:00 · 2008-02-29 15:29:43 +00:00
parent be236dc6aa
commit 5152d0e65d
1 changed files with 21 additions and 10 deletions
--- a/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/DSpaceObjectServlet.java
+++ b/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/DSpaceObjectServlet.java
@@ -73,6 +73,11 @@ public class DSpaceObjectServlet extends DSpaceServlet
        {
            Item item = (Item) dso;

+            // Only use last-modified if this is an anonymous access
+            // - caching content that may be generated under authorisation
+            //   is a security problem
+            if (context.getCurrentUser() == null)
+            {
                response.setDateHeader("Last-Modified", item
                        .getLastModified().getTime());

@@ -91,6 +96,12 @@ public class DSpaceObjectServlet extends DSpaceServlet
                    displayItem(context, request, response, item);
                }
            }
+            else
+            {
+                // Display the item page
+                displayItem(context, request, response, item);
+            }
+        }
        else if (dso.getType() == Constants.COLLECTION)
        {
            Collection c = (Collection) dso;